MDVSA-2013:087

Problem description

Multiple security issues was identified and fixed in mozilla firefox:

Security researcher Mariusz Mlynski reported a method to use browser
navigations through history to load an arbitrary website with that
page's baseURI property pointing to another site instead of the
seemingly loaded one. The user will continue to see the incorrect
site in the addressbar of the browser. This allows for a cross-site
scripting (XSS) attack or the theft of data through a phishing attack
(CVE-2013-0793).

Security researcher Cody Crews reported a mechanism to use the
cloneNode method to bypass System Only Wrappers (SOW) and clone a
protected node. This allows violation of the browser's same origin
policy and could also lead to privilege escalation and the execution
of arbitrary code (CVE-2013-0795).

Security researcher miaubiz used the Address Sanitizer tool to
discover a crash in WebGL rendering when memory is freed that has
not previously been allocated. This issue only affects Linux users
who have Intel Mesa graphics drivers. The resulting crash could be
potentially exploitable (CVE-2013-0796).

Security researcher Abhishek Arya (Inferno) of the Google Chrome
Security Team used the Address Sanitizer tool to discover an
out-of-bounds write in Cairo graphics library. When certain values
are passed to it during rendering, Cairo attempts to use negative
boundaries or sizes for boxes, leading to a potentially exploitable
crash in some instances (CVE-2013-0800).

Mozilla developers identified and fixed several memory safety
bugs in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption under
certain circumstances, and we presume that with enough effort at least
some of these could be exploited to run arbitrary code (CVE-2013-0788).

The mozilla firefox packages has been upgraded to the latest ESR
version (17.0.5) which is unaffected by these security flaws.